iangcarroll / cookiemonster
πͺ CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions.
β852Updated last month
Alternatives and similar repositories for cookiemonster:
Users that are interested in cookiemonster are comparing it to the libraries listed below
- Extract URLs, paths, secrets, and other interesting bits from JavaScriptβ1,489Updated 9 months ago
- Accept URLs on stdin, replace all query string values with a user-supplied valueβ793Updated 2 years ago
- A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..eβ¦β959Updated 7 months ago
- Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!β857Updated last year
- MassDNS wrapper written in go to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard filteringβ¦β1,377Updated this week
- Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one plβ¦β948Updated last month
- The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devicesβ622Updated 3 months ago
- An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirectsβ953Updated 3 years ago
- The most exhaustive list of reliable DNS resolvers.β729Updated this week
- Go client to communicate with Chaos DB API.β682Updated this week
- Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3β1,896Updated last year
- declutters url lists for crawling/pentestingβ1,268Updated last month
- β375Updated 3 years ago
- A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given targetβ1,247Updated 2 months ago
- REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applicationsβ972Updated last year
- GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grepβ1,259Updated 5 months ago
- bypass-url-parserβ1,056Updated this week
- a javascript change monitoring tool for bugbountiesβ621Updated 6 months ago
- Scope gathering tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!β1,076Updated 3 weeks ago
- Making Favicon.ico based Recon Great again !β1,155Updated last year
- Fetches javascript file from a list of URLS or subdomains.β755Updated last year
- Golang client for querying SecurityTrails API dataβ545Updated last year
- Burp Extension to find potential endpoints, parameters, and generate a custom target wordlistβ1,306Updated 7 months ago
- An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerabilityβ846Updated 3 years ago
- Automation for javascript recon in bug bounty.β935Updated last year
- Tool to check for dependency confusion vulnerabilities in multiple package management systemsβ709Updated 6 months ago
- Small tool to Grab subdomains using Shodan api.β390Updated 3 months ago
- Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable β¦β622Updated last year
- A tool to check a bunch of URLs that contain reflecting params.β559Updated 6 months ago
- DNSGen is a powerful and flexible DNS name permutation tool designed for security researchers and penetration testers. It generates intelβ¦β948Updated last month